
UNAB error message "UNAB uxauthd reply status is not OK" in /var/log/secure


Article ID: 256093


Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Under some circumstances, the following error message may fill up /var/log/secure:

<Date> <machine_name> <user_name>[pid]: UNAB uxauthd reply status is not OK but <negative_random_number>

For instance:

Dec  2 14:38:38 mymachine myuser[784078]: UNAB uxauthd reply status is not OK but -1372721968

However, the user is able to authenticate normally using UNAB.

At the same time, if UNAB is set to debug, the following messages are present in the agent_debug file:

<date>.<hour> T<number> R 1: HandleUserOnLine: Check user '<user>' failed, error = 1065

For instance:

20221202143838.136005 T2445978496 R 1: HandleUserOnLine: Check user 'myuser' failed, error = 1065


Note that these messages appear only if the user attempting to log in is local to the machine and not in Active Directory, and that the user can still log in normally.

More precisely, this happens only when the user authenticating to a machine where UNAB is running is either local, and so has no UNIX attributes in AD, or exists in AD but is excluded from UNAB by a filter such as user_custom_filter = !(uidNumber=<uid_of_user>)
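To confirm that a flood of these entries matches the harmless pattern described above, the following added example (not part of the product or of the original article) pairs each /var/log/secure message with an error 1065 entry in agent_debug for the same user and checks that the account is local. The function names, the 2-second pairing window, the use of passwd-format text to decide what counts as local, and the "aduser" sample line are assumptions.

```python
import re
from datetime import datetime

# Patterns follow the two message formats quoted in this article.
SECURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+(?P<user>[^\[\s]+)\[\d+\]:\s+"
    r"UNAB uxauthd reply status is not OK but -?\d+")
DEBUG_RE = re.compile(
    r"^(?P<ts>\d{14})\.\d+\s+T\d+\s+R\s+\d+:\s+HandleUserOnLine: "
    r"Check user '(?P<user>[^']+)' failed, error = (?P<code>\d+)")

# Constructed sample input: the article's two example lines, plus one made-up
# entry for a hypothetical account "aduser" that has no 1065 counterpart.
SECURE = [
    "Dec  2 14:38:38 mymachine myuser[784078]: UNAB uxauthd reply status is not OK but -1372721968",
    "Dec  2 14:40:02 mymachine aduser[784200]: UNAB uxauthd reply status is not OK but -1372721968",
]
DEBUG = ["20221202143838.136005 T2445978496 R 1: HandleUserOnLine: Check user 'myuser' failed, error = 1065"]
PASSWD = "root:x:0:0:root:/root:/bin/bash\nmyuser:x:1001:1001::/home/myuser:/bin/bash\n"

def local_users(passwd_text):
    """Account names found in passwd-format text (assumed definition of 'local')."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines() if l and not l.startswith("#")}

def classify(secure_lines, debug_lines, passwd_text, year, window=2):
    """Split secure-log hits into (expected, review).
    expected: local user with a 1065 entry within `window` seconds.
    review:   anything else, e.g. an AD user excluded by user_custom_filter.
    """
    local = local_users(passwd_text)
    failures = []
    for line in debug_lines:
        m = DEBUG_RE.match(line)
        if m and m["code"] == "1065":
            failures.append((m["user"], datetime.strptime(m["ts"], "%Y%m%d%H%M%S")))
    expected, review = [], []
    for line in secure_lines:
        m = SECURE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (C/English locale for %b).
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        paired = any(u == m["user"] and abs((t - ts).total_seconds()) <= window for u, t in failures)
        (expected if paired and m["user"] in local else review).append(line)
    return expected, review

if __name__ == "__main__":
    ok, todo = classify(SECURE, DEBUG, PASSWD, year=2022)
    print(f"expected noise: {len(ok)}, needs review: {len(todo)}")
```

Entries that land in the review list are not necessarily a problem: a user that exists in AD but is filtered from UNAB produces the same message and will not appear in the local account list.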

Environment

UNAB v14.10.40.170 and earlier versions

Cause

Error code 1065 means that UNAB is unable to retrieve attributes from Active Directory for the user that one is trying to log in as.

This is expected: whether the user is local and has no attributes in AD, or is filtered from UNAB, the product will not be able to verify the user's attributes in AD.

As for the error "reply status is not OK but <negative_random_number>", this is a purely informative message generated by the pam_uxauth module, and it has little or no value for troubleshooting. The message is harmless, and later versions of UNAB have disabled it.

Resolution

This is corrected in UNAB v14.10.40.174 and later.

Messages in /var/log/secure will only appear when the debug level is set to lower or medium.

Please install the recommended build or a later one.